//************************************************** ***********//
// Loader and patcher for Battle of the Immortal
// by Dwar
// 2010-09-02
// Feel free to use our knowledge and guides, but please keep linkbacks to the original article
//************************************************** ***********//
program Loader;
uses
  Windows,
  Messages,
  SysUtils;
//************************************************** ***********//
// Change a privilege of the current process token
//************************************************** ***********//
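function ChangePrivilege(szPrivilege: PChar; fEnable: Boolean): Boolean;
// Enables (fEnable = True) or disables the named privilege in the current
// process token.
//
// Returns True only when the privilege was actually adjusted.  Two things the
// original version got wrong: every return value was ignored, so a failed
// OpenProcessToken led to CloseHandle on an uninitialised handle, and
// AdjustTokenPrivileges reports success even when the token does not hold the
// privilege at all - that case is only visible as ERROR_NOT_ALL_ASSIGNED in
// GetLastError, which is checked here.  Enabling can never grant a privilege
// the account lacks; it only switches on one that is present but disabled.
// Callers may still invoke this as a statement and ignore the result.
var
  NewState: TTokenPrivileges;
  luid: TLargeInteger;
  hToken: THandle;
  ReturnLength: DWord;
begin
  Result := False;
  if not OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, hToken) then
    Exit;
  try
    if not LookupPrivilegeValue(nil, szPrivilege, luid) then
      Exit;
    NewState.PrivilegeCount := 1;
    NewState.Privileges[0].Luid := luid;
    if fEnable then
      NewState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
    else
      NewState.Privileges[0].Attributes := 0;
    if not AdjustTokenPrivileges(hToken, False, NewState, SizeOf(NewState),
                                 nil, ReturnLength) then
      Exit;
    // Success with ERROR_NOT_ALL_ASSIGNED means "token does not hold it".
    Result := GetLastError() <> ERROR_NOT_ALL_ASSIGNED;
  finally
    CloseHandle(hToken);   // only reached when OpenProcessToken succeeded
  end;
end;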
//************************************************** ***********//
// Main Routines
//************************************************** ***********//
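const
  // Address that is polled and then patched.  It is specific to one build of
  // the target; any other build fails the byte check below and is left
  // untouched ("Wrong version?") rather than patched blindly.
  PatchAddress = $0046740E;
  // Expected original bytes at PatchAddress ($75 = JNZ rel8, displacement $44)
  // and the replacement ($EB = JMP rel8, same displacement): the conditional
  // branch is made unconditional.
  ExpectedByte0 = $75;
  ExpectedByte1 = $44;
  NewData: array[0..1] of Byte = ($EB, $44);
  // Polling budget while waiting for the packer to finish: 500 * 10 ms ~ 5 s.
  MaxPolls = 500;
  PollIntervalMs = 10;

var
  si: TStartupInfo;
  pi: TProcessInformation;
  BytesWritten: DWORD;
  Unpacked: Boolean;
  Patched: Boolean;
  Polls: Integer;
  Err: DWORD;

procedure ShowNote(const Text, Caption: string);
// Modal information box.  While it is up the target stays in whatever state
// (running or suspended) the caller left it in.
begin
  MessageBox(0, PChar(Text), PChar(Caption), MB_ICONINFORMATION);
end;

function TargetUnpacked(hProcess: THandle): Boolean;
// True only when both bytes at PatchAddress could be read and equal the
// expected original pair.  A failed or short read (image not mapped yet,
// access denied) counts as "not unpacked yet"; the original never checked the
// ReadProcessMemory result and compared whatever was left in the buffer.
var
  OldData: array[0..1] of Byte;
  Got: DWORD;
begin
  Result := False;
  if not ReadProcessMemory(hProcess, Pointer(PatchAddress), @OldData,
                           SizeOf(OldData), Got) then
    Exit;
  Result := (Got = SizeOf(OldData)) and
            (OldData[0] = ExpectedByte0) and (OldData[1] = ExpectedByte1);
end;

procedure CloseTarget(const Info: TProcessInformation; Kill: Boolean);
// Releases both handles returned by CreateProcess.  Every failure path passes
// Kill = True so a target that was suspended or left unpatched does not keep
// running unattended.
begin
  if Kill then
    TerminateProcess(Info.hProcess, 0);
  CloseHandle(Info.hProcess);
  CloseHandle(Info.hThread);
end;

begin
  ZeroMemory(@si, SizeOf(si));   // the original also ran FillChar on si: same job twice
  ZeroMemory(@pi, SizeOf(pi));
  si.cb := SizeOf(si);
  Unpacked := False;
  Polls := 0;

  // The handles CreateProcess returns already carry full access to a child we
  // start ourselves, so the debug privilege is largely redundant here; kept
  // for compatibility.  Its outcome is not checked: a missing privilege shows
  // up later as a Read/WriteProcessMemory failure.
  ChangePrivilege('SeDebugPrivilege', True);

  // lpApplicationName with a bare file name is resolved against the current
  // directory only (no PATH search), so the loader must run from the game
  // folder.  The BOOL result is tested directly, not compared with True:
  // LongBool treats any non-zero value as true.
  if not CreateProcess(PChar('Game.exe'), nil, nil, nil, False, 0, nil, nil,
                       si, pi) then
  begin
    Err := GetLastError();   // read before any call that could clobber it
    ShowNote('CreateProcess failed, error ' + IntToStr(Err), 'Error');
    Exit;
  end;

  // Poll until the expected bytes appear or the budget is spent.
  while (not Unpacked) and (Polls < MaxPolls) do
  begin
    if TargetUnpacked(pi.hProcess) then
    begin
      SuspendThread(pi.hThread);   // freeze the main thread before patching
      Unpacked := True;
    end
    else
    begin
      Inc(Polls);
      Sleep(PollIntervalMs);
    end;
  end;

  if not Unpacked then
  begin
    ShowNote('Program not unpacked...', 'Error');
    CloseTarget(pi, True);
    Exit;
  end;

  ShowNote('Unpacked', 'Good');

  // Re-verify with the thread suspended: the detecting read raced against the
  // still-running unpacker, so the bytes are checked again before writing.
  if not TargetUnpacked(pi.hProcess) then
  begin
    ShowNote('Bytes not found! Wrong version?...', 'Error');
    CloseTarget(pi, True);
    Exit;
  end;

  if WriteProcessMemory(pi.hProcess, Pointer(PatchAddress), @NewData,
                        SizeOf(NewData), BytesWritten) then
    Patched := BytesWritten = SizeOf(NewData)
  else
    Patched := False;

  if Patched then
  begin
    ResumeThread(pi.hThread);   // all went OK, let the target continue
    CloseTarget(pi, False);
  end
  else
  begin
    // The original resumed the target whether or not the write succeeded; a
    // failed write now terminates it and reports the error code instead.
    Err := GetLastError();
    ShowNote('WriteProcessMemory failed, error ' + IntToStr(Err), 'Error');
    CloseTarget(pi, True);
  end;
end.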